DISTRIBUTED SECURITY - Equinix


Page 1: DISTRIBUTED SECURITY - Equinix

DISTRIBUTED SECURITY DIGITAL EDGE PLAYBOOK

Rethinking security as part of your digital edge strategy and architecture

Page 2: DISTRIBUTED SECURITY - Equinix

PURPOSE

This playbook outlines how industry leaders are distributing security to solve scale and integration challenges using interconnection and colocation (control points). This enables them to deliver new command and control capabilities as part of a broader digital edge strategy.

CHALLENGE

In digital business, market position is determined by business capabilities and scale. Digital transformation is the path to those capabilities, and digital optimization is their application to existing and new business models, to achieve scale.

It’s a fast-paced digital arms race affecting all industries with increasing complexity across more networks and participants (which grows the attack surface and shared risk). Together this is driving a fragmentation of controls and a breakdown of traditional top-down governance—none of which can be solved with conventional security practices, culture and infrastructure.

NEED

The business is depending on its technology teams to succeed in the digital economy. Security and risk professionals need to be digital business enablers, empowering innovation and change at speed, yet ensuring the right guardrails are in place to balance risk, protect the business and be trusted.

Digital edge security is not another layer in your current control framework. It’s rethinking the way you architect security and control for the digital edge as part of a new digital edge control framework.

ABOUT THIS PLAYBOOK

TABLE OF CONTENTS

2 About

3 Executive Summary

4 Market Trends

5 Interconnection Insights

6 Current-State Constraints

7 Future-State Capabilities

8 Strategy

9 Roadmap

10 Platform

11 Getting Started

© 2019 Equinix | Equinix.com

Page 3: DISTRIBUTED SECURITY - Equinix

Security professionals face strong pressures that require a new strategy and architecture for the digital edge

EXECUTIVE SUMMARY

TRENDS AND INSIGHTS

TRENDS: Information security and risk practitioners need to transform from being seen as risk-averse business inhibitors to enablers of speed and agility—yet still place security guardrails to avoid disaster.

INSIGHTS: Every industry is shifting corporate and partner/ecosystem traffic to interconnection, while using control points to exchange traffic privately.

CONSTRAINTS AND CAPABILITIES

CONSTRAINTS: Traditional IT architectures consolidated infrastructure and localized services and traffic around centralized “core” data centers. This created constraints that must be addressed for digital business.

CAPABILITIES: Following the best practices of an IOA® strategy, firms are distributing strategic control points closer to customers, employees, partners and ecosystems—using them as forward operating bases to scale for digital.

PLAYBOOK

STRATEGY: Taking an interconnection-first approach, combined with a zero-trust model, allows for control of all business communication and integration through traffic exchange points.

ROADMAP: Leverage this security-customized roadmap, based on the best practices of an IOA strategy, to implement the DE playbook.

PLATFORM: To achieve these benefits, your architecture and platform require three critical elements provided by Platform Equinix®.


Page 4: DISTRIBUTED SECURITY - Equinix

MARKET TRENDS

Summary

Information security and risk practitioners need to transform from being seen as risk-averse business inhibitors to enablers of speed and agility—yet still place security guardrails to avoid disaster. As digital business drives firms to deliver new engagement, commerce and data models closer to population centers, networks and clouds, security needs to shift and adopt a digital edge control framework.

Digital is increasing risk, both in volume and impact of security breaches…

Implications

• Tighter integration with clouds and business partners can fragment controls, increase or transfer risks, and become a barrier to cloud adoption.

• Traditional centralized security and compliance control functions are becoming less effective every day.

Gartner, Technology Insight: Edge Computing in Support of the Internet of Things

BY 2022, 75% OF ENTERPRISE DATA WILL BE CREATED AND PROCESSED OUTSIDE THE TRADITIONAL, CENTRALIZED DATA CENTER

78% OF FIRMS BELIEVE RISK FOR DATA PROTECTION AND PRIVACY COMPLIANCE IS INCREASING

…along with driving new demand for multiparty integration and information exchange…

Implications

• Breaches are driving regulation changes, like GDPR, which have some firms re-thinking their existing cloud architectures entirely.

• New regulations and privacy rules are changing conventional security practices, culture and infrastructure.

Ponemon, Data Risk in the Third-Party Ecosystem 2017

56% OF COMPANIES EXPERIENCED 3RD-PARTY DATA BREACHES IN 2017

DATA BREACHES CAUSED BY THIRD PARTIES ARE ON THE RISE (+7%)


…which requires re-architecting for digital business and distributed IT engagement

Implications

• In digital, trust is becoming more important than anything else. Lose customer or partner trust, and your position in the market shifts with it.

• Digital is forcing firms to move faster, increasing the rate of change, while diminishing the time to understand the implications.

EY, Global Forensics Data Analytics Survey, 2018


Page 5: DISTRIBUTED SECURITY - Equinix

INTERCONNECTION INSIGHTS

Summary

Every industry is shifting corporate and partner/ecosystem traffic to interconnection, while using control points to exchange traffic privately. Interconnection is scaling the digital economy and therefore growing fast in ecosystem-dense locations. At this rate, Interconnection Bandwidth is forecasted to outpace the internet at twice the speed of growth and 6x the volume of traffic.

*Interconnection Bandwidth is the total capacity provisioned to privately and directly exchange traffic with a diverse set of counterparties and providers at distributed IT exchange points inside carrier-neutral colocation data centers.

**Interconnection is direct and private traffic exchange between key business partners.

Interconnection Bandwidth* is projected to outpace growth of internet and MPLS traffic...

Opportunity

Interconnection** is becoming standard for digital business scale. Companies take advantage of this by establishing the military equivalent of a forward operating base, closer to population centers and clouds, to create new traffic exchange and control points.

Equinix, The Global Interconnection Index Volume 2

[Figure: Traffic Growth by Connectivity Type, 2017–2021; categories: MPLS, Internet, Interconnection]

Opportunity

Enterprises are using strategic control points and ecosystem access to optimize their networks, interconnect cloud and IT services, incorporate digital commerce services, integrate their supply chains and improve content distribution. All of these require various control functions where they meet.

...and key interconnection use cases with strategic control points driving digital business.

Equinix, The Global Interconnection Index Volume 2

[Figure: Interconnection Bandwidth by Counterparty, Installed Capacity (Tbps), 2017 and 2021, with CAGR and 2021 mix; categories: Network Providers, Cloud & IT Providers, Financial Service Providers, Content Providers, Supply Chain Partners]

Opportunity

Interconnection in colocation facilities is being adopted by all industries to simplify their own environment, securely connect partners and engage in digital business with lower overall cyber risk. Businesses are using these points of aggregation and exchange to consolidate connections and keep traffic private.

...with compounding growth year-over-year across all industries...

Equinix, The Global Interconnection Index Volume 2

[Figure: Interconnection Bandwidth by Industry Type, Installed Capacity (Tbps), with CAGR 2017–21 and 2021 mix, by region (US, EU, AP, LATAM); categories: Telecommunications, Cloud & IT Services, Banking & Insurance, Manufacturing, Securities & Trading, Content & Digital Media, Business & Prof. Services, Energy & Utility, Wholesale & Retail, Other, Healthcare & Life Sciences, Government & Education]


Page 6: DISTRIBUTED SECURITY - Equinix

CURRENT-STATE CONSTRAINTS

Digital has taken the traditional IT approach and turned it upside down

[Diagram labels: Control functions, Trusted, Untrusted, HQ, 3rd Party, Internet, MPLS]

1. Lack of visibility

2. Unsustainable bottlenecks

3. Fragmented controls and management

4. Data dispersion and uncontrolled risk

Summary

Traditional IT architectures consolidated infrastructure and localized services and traffic around centralized “core” data centers. This created constraints that must be addressed for digital business. The shift to digital has effectively turned the topology upside down, and the tipping point has already passed for most industries. Traditional security tools and practices were not designed for these new architectural requirements, so “adding on” to existing will not work.


Page 7: DISTRIBUTED SECURITY - Equinix

FUTURE-STATE CAPABILITIES

Solve with distributed points of interconnection with adjacent control functions

[Diagram labels: Distributed control functions, HQ, Internet, 3rd Party]

1. Awareness and visibility

2. Distributed scale and capacity

3. Integrated control and management

4. Data placement and access controls

Summary

Interconnection is rapidly growing as the preferred approach to scale for digital business. Following the best practices of an Interconnection Oriented Architecture® (IOA®) strategy, firms are distributing strategic control points (near customers, employees, partners and ecosystems) and using them as forward operating bases (in military terms). This allows them to see the traffic across all networks; distribute control functions where needed for scale; strategically integrate cloud services and ecosystems; and enforce data compliance. IOA puts you back in the center of your architecture, enabling rapid scale with the required guardrails.


Page 8: DISTRIBUTED SECURITY - Equinix

STRATEGY

Architecting for the digital edge requires an interconnection-first approach

Summary

Taking an interconnection-first approach, combined with a zero-trust model, allows for control of all business communication through traffic exchange points—with local private data repositories and multicloud application and services integration. This enables you to manage constant change in any cloud or partner, while maintaining control at the zero-trust exchange points.

1. Control digital communications

Deploy network security to strategic interconnection control points

• Choose physically secure locations.

• Aggregate connectivity and dynamically interconnect ecosystems.

• Drive all flows through a zero-trust checkpoint.

2. Integrate multicloud and data controls

Solve multicloud, application and data complexity with local integration

• Implement a common identity and encryption strategy.

• Privately store sensitive data and encryption keys.

• Integrate security with application infrastructure.

3. Enable digital business

Scale global awareness and dynamic response with trust

• Aggregate events into higher-level automation.

• Model and share expected behaviors with the ecosystem.

• Become a digital trusted provider/partner.


Page 9: DISTRIBUTED SECURITY - Equinix

ROADMAP Digital-ready network

Summary

Leverage this security-customized roadmap, based on the best practices of an IOA strategy, to implement the DE playbook. Take control of all digital communications at the distributed interconnection and traffic exchange points. Locally integrate application and data controls across multiple clouds. Leverage ecosystems to achieve digital scale and become a trusted digital provider and partner.

Security-customized roadmap based on IOA best practices

[Roadmap figure; labels recovered from the figure:]

• Multicloud identity management

• Cloud-neutral encryption and key management

• Private data repositories and compliance

• Application infrastructure(s)

• Development and API services

• Pre-emptively respond

• Develop algorithmic models

• Apply end-to-end behavioral analytics

• Share intelligence with partners and customers

• Aggregate events with complex event processing

• Position threat detection and policy enforcement

• Segment network access with inspection zones

• Localize traffic management and transport security

• Apply zero-trust boundary with dynamic interconnection

• Deploy strategic fortified control points

Roadmap steps:

1. Distribute network security controls

2. Integrate multicloud and data controls

3. Enable digital business

1. Control digital communications

Deploy network security to strategic interconnection control points

2. Integrate multicloud and data controls

Solve multicloud, application and data complexity with local integration

3. Enable digital business

Scale global awareness and dynamic response with trust


Page 10: DISTRIBUTED SECURITY - Equinix

PLATFORM

To achieve the benefits of the strategy and the roadmap steps in this playbook, your architecture and platform require three critical elements: global location coverage; private interconnection with rich digital ecosystems; and the capability to integrate, standardize and simplify control.

Reach Everywhere

• Global, metro cities and markets.

• Geographical compliance and sovereignty.

• Business operations and offices.

• Fleet, plant and field.

Interconnect Everyone

• Access network and cloud providers.

• Participate in ecosystems exchange.

• Leverage commoditized services.

• Share and exchange data.

• Transact using digital commerce.

Integrate Everything

• Marketplace of control functions.

• Cloud and managed services.

• Private data and distribution repositories.

• Globally standard policies.

• Business continuity and control.

• Establish digital commerce and payments.

Global Coverage

Digital edge control point locations where you need them, close to...

• Customers

• Employees

• Partners

• Things

Interconnection and Ecosystems

Direct and dynamic private exchange of data across…

• Networks

• Clouds

• Payments

• Supply Chain

Integration and Control

Integrate digital and physical services to control and optimize...

• Security

• Data

• Applications

• Business


Page 11: DISTRIBUTED SECURITY - Equinix

GETTING STARTED

Playbook Companion Resources

Request a detailed briefing or strategy workshop with our experts.

Contact your Equinix account executive and learn more at equinix.com

Equinix Americas

Main: +1.650.598.6000

Equinix EMEA

Main: +31.20.754.0305

Equinix Asia-Pacific

Main: +852.2970.7788

The Platform Equinix Vision

See how platform coverage, new dynamic SDN connectivity and ecosystem access enable new capabilities. eqix.it/PlatformEquinixVision

Global Interconnection Index

Learn how Interconnection Bandwidth growth is shaping next-generation opportunities. eqix.it/InterconnectionIndex

IOA Playbook and Blueprints

Download proven network architecture blueprints and design patterns based on industry-leading implementations of IOA. eqix.it/playbook eqix.it/securitywiki

Equinix Marketplace

Promote network services to installed platform customers worldwide. eqix.it/marketplacebrochure


Page 12: DISTRIBUTED SECURITY - Equinix

© 2019 Equinix, Inc. Equinix.com

Equinix, Inc. (Nasdaq: EQIX) connects the world’s leading businesses to their customers, employees and partners inside the most-interconnected data centers. In 52 markets across five continents, Equinix is where companies come together to realize new opportunities and accelerate their business, IT and cloud strategies. In a digital economy where enterprise business models are increasingly interdependent, interconnection is essential to success. Equinix operates the only global interconnection platform, sparking new opportunities that are only possible when companies come together.
